Online Privacy Management

ABSTRACT

A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon for display on webpages being monitored/controlled in realtime by the PMS.

This application is a continuation of and claims the benefit of U.S.patent application Ser. No. 13/554,603, filed Jul. 20, 2012, whichclaims priority to U.S. patent application Ser. No. 13/340,582, filedDec. 29, 2011, which claims priority to U.S. Provisional ApplicationSer. No. 61/428,560, filed Dec. 30, 2010, including itsconcurrently-filed appendices. All of the aforementioned are hereinincorporated by reference in their entirety.

TECHNICAL FIELD

Aspects of the disclosure generally relate to management, regulation,control, and/or auditing of analytics and other data to be collectedfrom a user's terminal. In particular, various aspects of the disclosurediscuss features of an online privacy management system.

BACKGROUND

Web pages are generally written in Hypertext Markup Language (HTML).They are written using HTML elements that include “tags” surrounded byangle brackets; information in the tag tells the web browser how tointerpret the HTML element (e.g., as text, for insertion of an imageinto the webpage, for running a script, etc.). These tags can, amongother things, include or can load scripts in languages such asJavaScript™.

Meanwhile, web analytics is a field in which data about customers (e.g.,customer behavior, customer location, etc.) is collected and analyzedfor a variety of purposes. To obtain data for web analytics, apopulation of users visits a web page and/or starts an application thatcauses certain program instructions to be executed. Usually, data iscollected for web analytics purposes through a variety of mechanisms,including the setting of a cookie and/or by running scripts in the HTMLdocument. The scripts may perform a variety of functions, includinggrabbing variables from the document object model (DOM) and/or sendingback an image request to a data collection server either internally orexternally hosted.

The program instructions for web analytics are generally authored andrun by a variety of vendors, including Omniture™, Google™, Yahoo™, andWebtrends™, among others, in order to be able to capture data such asweb page load times, “mouse overs” (i.e., moving a mouse over aparticular object on the web page), and the page requestor's IP address.A medium complexity web page may include 5-10 tags with a reference tocomputer scripts that are run on servers managed by different vendors.

When a marketer assigned to manage web analytics for an organizationdecides that she wants to change the code/tagging to measure and analyzedifferent features, the process is often tedious and challenging. Inmany situations, to perform this update, the marketer must create a newcustom variable in the program instructions, define what the newvariable is, and specify what data the modified code must capture forthe web page. Since the marketer is generally not skilled in how toperform these modifications, she must interface with her informationtechnology (IT) department or other similar agency. Sometimes, even theIT department may not adequately understand the syntax of the webanalytics program instructions to properly modify the code, especiallygiven that the myriad web analytics vendors, advertisers, surveyresearchers, and marketers all have their own custom computer code foreffectuating the collection of data for analysis. In other situations,the IT department may not have the appropriate bandwidth to modify thecode for deployment on schedule (e.g., for an advertisement campaigndeadline, etc). These problems are only exacerbated when a client'swebsite has many pages and/or many different types of programinstructions for collecting various data about a user.

Some web analytics tools use the HTML image element and/or JavaScript toassist in collecting analytics data. An analytics data transmission maybe masked as an image element that does not add the image element to thewebpage's DOM. Instead, the image element may be for a one pixel by onepixel transparent image by the analytics vendor for the purposes ofcollecting data related to the webpage visitor. For example, the “src”attribute may be set to a URL with an appended string of parametername-value pairs (e.g.,www.hostname.com/theImage.gif?data=something&data2=someMoreData). Oncethe “src” attribute is set, the browser may attempt to locate andretrieve the image at the URL location. In doing so, the analytics datamay be obtained at the remote server as these name-value pairs. This isone method frequently used by web analytics vendors for collecting data.

Some companies may outsource their web analytics to one or more thirdparty vendors (e.g., web analytics vendors, voice of consumer (VOC), adservers, testing solutions, targeting tools, pay per click (PPC) tools,affiliate tracking, etc.) that specialize in web analytic, webadvertising, and other web-related services. Meanwhile, these thirdparty vendors may contract/work with one or more fourth party vendors toassist in collecting data, displaying/selecting advertising images,analyzing collected data, etc. For example, a fourth party vendor may beexecuting code on the companies' webpages or collecting analytics datafrom the webpages. This fourth party vendor may be unknown to thewebsite owner or might not be an industry-verified vendor. Some fourthparty vendors might not respect DNT (Do-Not-Track) Headers, unbeknownstto the website owner/company. In some case, the fourth party vendor mayeven share the information collected about visitors with fifth partyvendors, again unbeknownst to the website owner/company. As such, datamay be collected and distributed from the website to domains and vendorsunknown to the website administrator. Privacy and other issues (e.g.,technical issues) may arise in regulating, controlling, and/or auditingthe dissemination of the data. The disclosure attempt to provide anonline privacy management system that, among other things, permits users(e.g., Chief Privacy Officers of a company, etc.) to bettercontrol/regulate/manage consumer data and privacy.

BRIEF SUMMARY

Aspects of the disclosure address one or more of the issues mentionedabove by disclosing methods, computer readable media, and apparatusesfor an online privacy management system and related systems. In oneexample, a system may assist in managing, regulating, controlling,and/or auditing of transmission of collected data (e.g., web analyticsor other data) collected from a user's terminal to external servers. Theprivacy management system may simplify the process by which users (e.g.,Chief Privacy Officers (CPOs), webpage visitors, etc.) can oversee withwhom and/or what information is being collected for transmission tothird-party and fourth-party computer servers.

In one example in accordance with aspects of the disclosure, a privacymanagement system's non-transitory computer-readable medium storingscripting code written in a programming language that lacksfunctionality to override a setter function of a variable correspondingto a uniform resource locator stored in a predefined object, whereinwhen the scripting code is executed by a processor of a computing devicelocated remotely from the privacy management system, the scripting codecauses the remote computing device to perform numerous steps isdisclosed. In some examples, the steps may include one or more of thesteps described herein. For example, the remote computing device mayperform one or more steps of: monitoring in realtime, using theprocessor, a document object model of a webpage to identify updates tothe document object model that cause modification of the uniformresource locator stored in the predefined object; comparing in realtime,using the processor, the modified uniform resource locator to apredetermined list of values; and/or blocking in realtime, using theprocessor, transmission of web analytics data to a server associatedwith the modified uniform resource locator, based on the comparing. Inaddition, in some examples, the remote computing device may also performone or more steps of: defining, using the processor, a new object,wherein the new object is a wrapper object overriding the predefinedobject; and/or creating the new object in the document object model,using the processor, wherein the new object is configured to store atleast an uniform resource locator. One or more of the steps describedabove may be optional or may be combined with other steps. In someexamples, the monitoring step may include causing the processor to checkfor updates to the uniform resource locator stored in the new object.

In another example in accordance with aspects of the disclosure, acomputerized apparatus comprising: a processor configured to transmit,over a network to a remote computing device, scripting code written in aprogramming language that lacks functionality to override a setterfunction of a first attribute in a predefined object; and a memorystoring the scripting code, which when executed by the remote computingdevice, causes the remote computing device to perform numerous steps isdisclosed. In some examples, the steps may include one or more of thesteps described herein. For example, the remote computing device may:define a new object comprising a wrapper object overriding thepredefined object, including configuring a processor of the remotecomputing device to create, in a memory of the remote computing device,the new object instead of the predefined object in response to a requestto create the predefined object; check on a regular interval for updatesto a second attribute stored in the new object, wherein the secondattribute is associated with the first attribute stored in thepredefined object; compare the second attribute to a predetermined listof values, responsive to determining that the second attribute stored inthe new object has been updated by other scripting code executing on theremote computing device, wherein the other scripting code is transmittedfrom a remote third-party server different from the computerizedapparatus; and/or block the other scripting code from causing the remotecomputing device to send collected data, responsive to the comparing ofthe second attribute to the predetermined list of values. In addition,in some examples, the collected data may comprise web analytic data, thepredefined object may be a hypertext markup language image object, thefirst attribute and second attribute may be configured to store uniformresource locators, and/or the blocking of the other scripting code maybe performed in realtime. One or more of the steps described above maybe optional or may be combined with other steps. Furthermore, in someexamples in accordance with aspects of the disclosure, the predeterminedlist of values may comprise at least one of: a blacklist and awhitelist, wherein the other scripting code may be blocked responsive toat least one of: determining that the second attribute of the new objectis in the blacklist, and determining that the second attribute of thenew object is not in the whitelist.

In yet another example in accordance with aspects of the disclosure, amethod of controlling distribution of web analytic data using an onlineprivacy management system is disclosed. In some examples, the method mayinclude one or more of the steps described herein. For example, themethod may include one or more steps of: receiving a page from a remoteserver corresponding to a first domain, wherein the page comprises atleast a plurality of elements that cause a computer processor to senddata to a domain different from the first domain; processing, using thecomputer processor, a first element of the plurality of elements of thepage, wherein the first element stores a first uniform resource locatorreferencing a privacy management system server storing scripting codefor privacy management; sending, using the computer processor, a requestto the privacy management system server for the scripting code forprivacy management; executing, using the computer processor, thescripting code for privacy management to at least define an overriddenobject, wherein the overridden object is a wrapper object overriding apredefined object; processing, using the computer processor, a secondelement of the plurality of elements after the executing of thescripting code for privacy management, wherein the second element isconfigured to cause creation of the predefined object configured to senddata to a domain different from the first domain and different from theprivacy management system server; creating, in a computer memory usingthe computer processor, the overridden object instead of the predefinedobject corresponding to the second element, wherein the overriddenobject is configured to store at least an uniform resource locator;storing in the overridden object a second uniform resource locatorreceived from the second element, wherein the second uniform resourcelocator corresponds to a second domain; creating, in the computer memoryusing the computer processor, the predefined object, wherein thepredefined object is configured to store at least an uniform resourcelocator; causing, by the scripting code for privacy management, thecomputer processor to check for updates to the uniform resource locatorstored in the overridden object; in response to determining that theuniform resource locator of the overridden object has been updated tothe second uniform resource locator, comparing, by the scripting codefor privacy management, the second uniform resource locator stored inthe overridden object to a predetermined list of domains; in response todetermining that the second uniform stored in the overridden object isin the predetermined list, blocking, by the scripting code for privacymanagement, the second element from configuring the page to sendcollected data to the second uniform resource locator, wherein thecollected data comprises web analytic data; and/or in response todetermining that the second uniform stored in the overridden object isnot in the predetermined list, updating, by the scripting code forprivacy management, the uniform resource locator stored in thepredefined object to the second uniform resource locator. In addition,in some examples, the blocking may be performed in realtime and compriseone or more steps of: modifying the second uniform resource locator toclear the collected data; and/or storing the modified second uniformresource locator in the predefined object. In some examples, thecomputer processor may check for updates to the second uniform resourcelocator of the overridden object on a predetermined interval, and notusing a push model. In addition, in some examples, the second elementmay be a script tag in hypertext markup language and include a fourthuniform resource locator, and the method may also include one or moresteps of: causing, by the second element, an update of the seconduniform resource locator stored in the overridden object to the fourthuniform resource locator, wherein the fourth uniform resource locator isin the predetermined list of domains; recording in a log the seconduniform resource locator that corresponds to the second domain; and/orrecording in the log in association with the second uniform resourcelocator, at least the fourth uniform resource locator. One or more ofthe steps described above may be optional or may be combined with othersteps. Furthermore, in some examples, the two steps of recording in thelog may include reading a stack trace using the computer processor toobtain information for the log file.

In one example in accordance with aspects of the disclosure, a privacymanagement system's computer-readable storage medium storingcomputer-executable instructions, which when executed by a processor ofa computing device located remotely from the privacy management system,causes the remote computing device to perform numerous steps isdisclosed. In some examples, the steps may include one or more of thesteps described herein. For example, the remote computing device mayperform one or more steps to: define an overridden object, wherein theoverridden object is a wrapper object overriding a predefined object,wherein the overridden object is configured to store at least an uniformresource locator, wherein the predefined object is configured to storeat least an uniform resource locator; and wherein the defining anoverridden object configures the processor to create, in a memory, theoverridden object instead of the predefined object in response to arequest to create the predefined object; create, in the memory, thepredefined object, wherein the predefined object is associated with theoverridden object; cause the processor to check for updates (e.g., on apredetermined interval, using a push model, etc.) to the uniformresource locator stored in the overridden object; compare (e.g., inrealtime) the updated uniform resource locator stored in the overriddenobject to a predetermined list of domains, in response to determiningthat the uniform resource locator of the overridden object has beenupdated; and/or based on results of the compare, performing one of: (i)modify the updated uniform resource locator stored in the overriddenobject to remove collected data and store the modified updated uniformresource locator in the predefined object, and (ii) store the updateduniform resource locator in the predefined object. In some examples inaccordance with aspects of the disclosure, additional steps may beperformed to: create, in the memory, the overridden object, in responseto a request to create the predefined object; and/or compare the updateduniform resource locator stored in the overridden object to thepredetermined list of domains. One or more of the steps described abovemay be optional or may be combined with other steps. In one example, thecomputer-executable instructions may be written in a programminglanguage that lacks functionality to override a setter function of avariable corresponding to the uniform resource locator stored in thepredefined object. Furthermore, in some examples, the modified updateduniform resource locator may be a portion of the updated uniformresource locator modified with a default value. In addition, in someexamples, the predetermined list of domains may include a whitelistand/or a blacklist, and the updated uniform resource locator may bestored in the predefined object based on the updated uniform resourcelocator being a part of the whitelist and/or not part of the backlist.

In addition, in accordance with aspects of the disclosure, the methods,apparatus, and computer-readable medium described herein may furtherinclude the steps to cause a remote computing device to: define anoverridden method overriding a predefined method, wherein the definingan overridden method configures the processor to execute, by theprocessor, the overridden method instead of the predefined method inresponse to a request to execute the predefined method; cause theprocessor to execute the predefined method subsequent to execution ofthe overridden method (e.g., using the modified uniform resource locatoras the input parameter to the predefined method); receive an uniformresource locator corresponding to a third domain as an input parameterto the predefined method, and wherein the third domain is different froma domain corresponding to the privacy management system server; comparethe received uniform resource locator to the predetermined list ofdomains; and/or in response to determining that the received uniformresource locator stored is in the predetermined list, modify the uniformresource locator stored to remove the collected data. One or more of thesteps described above may be optional or may be combined with othersteps. In some examples, the predefined method may be a constructormethod corresponding to an image element in hypertext markup language,and the predefined method may be at least one of: an appendChildfunction, an insertBefore function, a replaceChild function, and a writefunction.

In one example in accordance with aspects of the disclosure, a privacymanagement system's computer-readable storage medium storingcomputer-executable instructions, which when executed by a processor ofa computing device located remotely from the privacy management system,causes the remote computing device to perform numerous steps isdisclosed. In some examples, the steps may include one or more of thesteps described herein. For example, the remote computing device mayperform one or more steps to: display the predetermined list of domains,wherein the predetermined list is configured to support regularexpressions with wildcards; generate a graphical user interfaceconfigured to permit updates to the predetermined list by adding anddeleting entries in the predetermined list; send the updatedpredetermined list to the privacy management server for storage;generate an graphical user interface comprising an input meansconfigured to enable scripting code for privacy management; send a stateof the input means to the privacy management server for storage; beforethe defining of the overridden object, determine that the scripting codefor privacy management is disabled; reconfigure the processor to nolonger create the overridden object instead of the predefined object inresponse to a request to create the predefined object; reconfigure theprocessor to no longer cause the processor to check for updates to theuniform resource locator stored in the overridden object; display a listof one or more domains providing third-party scripting code to theremote computing device, wherein the third-party scripting code isconfigured to cause the remote computing device to send the collecteddata to a remote server; determine that the remote server is associatedwith a domain on the blacklist; display the domain on the blacklist thatcorresponds to the domain providing third-party scripting code; displaywhether the processor of the remote computing device is configured toblock execution of the third-party scripting code; determine a locationof the remote computing device; identify a privacy rule corresponding tothe location of the remote computing device; and/or configure theprocessor to block sending of the collected data when the privacy rulehas been met. One or more of the steps described above may be optionalor may be combined with other steps.

This summary is provided to introduce a selection of concepts in asimplified form that are further described below in the detaileddescription. The summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter. Moreover, oneor more of the steps and/or components described above may be optionalor may be combined with other steps.

BRIEF DESCRIPTION OF FIGURES

Systems and methods are illustrated by way of example and are notlimited in the accompanying figures in which like reference numeralsindicate similar elements and in which:

FIG. 1 shows an illustrative operating environment in which variousaspects of the disclosure may be implemented;

FIG. 2 is an illustrative block diagram of workstations and servers thatmay be used to implement the processes and functions of certain aspectsof the disclosure;

FIG. 3 is an illustrative graphical user interface showing aPMS-certified verification icon and privacy manager interface inaccordance with various aspects of the disclosure;

FIGS. 4A and 4B (based on, inter alia, Appendix B in U.S. ProvisionalApplication Ser. No. 61/428,560) illustrate an exemplary graphical userinterface for a privacy management console and an advanced rule editor,in accordance with various aspects of the disclosure;

FIGS. 5A, 5B, and 5C (all based on, inter alia, Appendix C in U.S.Provisional Application Ser. No. 61/428,560) illustrate a high-leveldiagram of a webpage with numerous web vendors, including third partyand fourth party vendors, interacting with the webpage, in accordancewith various aspects of the disclosure; and

FIG. 6 illustrates a flowchart of a method related to an online privacymanagement system in accordance with various aspects of the disclosure.

DETAILED DESCRIPTION

In the following description of the various embodiments of thedisclosure, reference is made to the accompanying drawings, which form apart hereof, and in which is shown by way of illustration, variousembodiments in which the disclosure may be practiced. It is to beunderstood that other embodiments may be utilized and structural andfunctional modifications may be made.

A privacy management system (PMS) is disclosed for a Chief PrivacyOfficer (CPO) or other user to use in, among other things, monitoringand/or controlling in realtime the flow of data (e.g., outflow) aboutthe user and his/her online experience. The PMS may provide a dashboarddisplaying a whitelist and/or blacklist indicating whatdestinations/sources are blocked or allowed. The PMS includesbrowser-client scripting code and may also include a PMS-certifiedverification icon for display on webpages being monitored/controlled inrealtime by the PMS.

Systems and methods are disclosed directed at steps performed by a webbrowser application while interacting with a webpage that is monitoredby a privacy management system (PMS). The browser may receive a page(e.g., HTML page) comprising scripting code (e.g., Javascript) frommultiple sources (i.e., privacy management server, third-party analyticsvendors, third-party targeted ads vendors, etc.) The browser may executethe scripting code, thus causing the plurality of elements (e.g.,scripting tags, image tags, etc.) on the page to send data to differentdomains. The scripting code may, in some examples, override particularstandard methods (e.g., appendChild method) and constructor methods forparticular page elements (e.g., image element). The overridden methodmay be executed at the browser (i.e., on the user's device) such thatcommunication between the browser and particular domains or subdomainsmay be blocked or allowed. In some examples, the PMS may implement rulesto determine whether to block or allow the communication, or may rely ondefault rules. The result of monitoring and control by a PMS may bedisplayed on an (online) dashboard for a CPO or other person. The PMSmay generate messages in response to particular events (e.g., blocking)occurring in realtime.

In addition, systems and methods are disclosed directed at a remoteserver that provides the scripting code that is executed to enable thePMS to manage and control the flow (e.g., outflow) of data. The code mayinclude Javascript code that overrides existing Javascript methodsand/or constructors for Javascript objects, and is referred to herein asan “overridden method” or “overridden object.” The existing method orobject that is being overridden is referred to herein as the “predefinedmethod” or “predefined object.”

In addition, systems and methods are disclosed directed at a universalPMS-certified verification icon that may be provided and displayed on awebpage to indicate that the webpage is compliant with particularprivacy policies. The icon may be provided by the PMS and informationabout privacy preferences/settings for the PMS to implement may bestored in the PMS system. Alternatively, the privacypreferences/settings information may be stored on the client's device(e.g., as a cookie) or other location.

In accordance with various aspects of the disclosure, a privacymanagement system (PMS) is disclosed for, among other things, enhancingcontrol over consumer data collection and online privacy. A ChiefPrivacy Officer (CPO), or anyone interested in managing the collectionand distribution of information about an online user (e.g., webanalytics, data mining, etc.) may use the PMS to monitor, collectinformation about, report about, and/or block in realtime thedistribution of data about users. In one embodiment, the PMS may be usedin conjunction with Ensighten's “Ensighten Manage”™ product for tagmanagement. In another embodiment, aspects of the PMS may be used inconjunction with other web analytics and/or tag management productsreadily available in the market, such as those by ObservePoint™,Google™, Site Catalyst™, and others. In addition, the PMS may provide adashboard displaying a whitelist and/or blacklist indicating whatdestinations/sources are blocked or allowed. The PMS includesbrowser-client scripting code and may also include a PMS-certifiedverification icon for display on webpages being monitored/controlled inrealtime by the PMS.

FIG. 1 describes, among other things, an illustrative operatingenvironment in which various aspects of the disclosure may beimplemented (e.g., see Appendix A in U.S. Provisional Application Ser.No. 61/428,560). FIG. 1 illustrates a block diagram of a tag/contentmanager 101 (e.g., a computer server) in communication system 100 thatmay be used according to an illustrative embodiment of the disclosure.The manager 101 may have a processor 103 for controlling overalloperation of the manager 101 and its associated components, includingRAM 105, ROM 107, input/output module 109, and memory 115.

I/O 109 may include a microphone, keypad, touch screen, and/or stylusthrough which a user of device 101 may provide input, and may alsoinclude one or more of a speaker for providing audio output and a videodisplay device for providing textual, audiovisual and/or graphicaloutput. Software may be stored within memory 115 to provide instructionsto processor 103 for enabling manager 101 to perform various functions.For example, memory 115 may store software used by the manager 101, suchas an operating system 117, application programs 119, and an associateddatabase 121. Processor 103 and its associated components may allow themanager 101 to run a series of computer-readable instructions to deployprogram instructions according to the type of request that the managerreceives. For instance, if a client requests that program instructionsfor capturing mouse movements for complete session replay be executed,manager 101 may transmit the appropriate instructions to a user'scomputer when that user visits the client's website.

The manager 101 may operate in a networked environment supportingconnections to one or more remote computers, such as terminals 141 and151. The terminals 141 and 151 may be personal computers or servers thatinclude many or all of the elements described above relative to themanager 101. Alternatively, terminal 141 and/or 151 may be part of a“cloud” computing environment located with or remote from manager 101and accessed by manager 101. The network connections depicted in FIG. 1include a local area network (LAN) 125 and a wide area network (WAN)129, but may also include other networks. When used in a LAN networkingenvironment, the manager 101 is connected to the LAN 125 through anetwork interface or adapter 123. When used in a WAN networkingenvironment, the server 101 may include a modem 127 or other means forestablishing communications over the WAN 129, such as the Internet 131.It will be appreciated that the network connections shown areillustrative and other means of establishing a communications linkbetween the computers may be used. The existence of any of variouswell-known protocols such as TCP/IP, Ethernet, FTP, HTTP and the like ispresumed.

Additionally, an application program 119 used by the manager 101according to an illustrative embodiment of the disclosure may includecomputer executable instructions for invoking functionality related todelivering program instructions and/or content.

Computing device 101 and/or terminals 141 or 151 may also be mobileterminals including various other components, such as a battery,speaker, and antennas (not shown).

The disclosure is operational with numerous other general purpose orspecial purpose computing system environments or configurations.Examples of well known computing systems, environments, and/orconfigurations that may be suitable for use with the disclosure include,but are not limited to, personal computers, server computers, hand-heldor laptop devices, multiprocessor systems, microprocessor-based systems,set top boxes, programmable consumer electronics, network PCs,minicomputers, mainframe computers, and distributed computingenvironments that include any of the above systems or devices, and thelike.

The disclosure may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by a computer. Generally, program modules include routines,programs, objects, components, data structures, etc. that performparticular tasks or implement particular abstract data types. Thedisclosure may also be practiced in distributed computing environmentswhere tasks are performed by remote processing devices that are linkedthrough a communications network. In a distributed computingenvironment, program modules may be located in both local and remotecomputer storage media including memory storage devices.

Referring to FIG. 2, that figure describes an illustrative block diagramof workstations and servers that may be used to implement the processesand functions of certain aspects of the disclosure (e.g., see Appendix Ain U.S. Provisional Application Ser. No. 61/428,560). FIG. 2 describesan illustrative system 200 for implementing methods according to thepresent disclosure is shown. As illustrated, system 200 may include oneor more workstations 201. Workstations 201 may be local or remote, andare connected by one or more communications links 202 to computernetwork 203 that is linked via communications links 205 to tag/contentmanager 204. In certain embodiments, workstations 201 may be differentstorage/computing devices for storing and delivering client-specificprogram instructions or in other embodiments workstations 201 may beuser terminals that are used to access a client website and/or execute aclient-specific application. In system 200, manager 204 may be anysuitable server, processor, computer, or data processing device, orcombination of the same. Throughout this disclosure, tag/content manager204 will be used to reference both the server/terminal that storesprogram instructions for tag/content management and the tag/contentmanagement program instructions themselves.

Computer network 203 may be any suitable computer network including theInternet, an intranet, a wide-area network (WAN), a local-area network(LAN), a wireless network, a digital subscriber line (DSL) network, aframe relay network, an asynchronous transfer mode (ATM) network, avirtual private network (VPN), or any combination of any of the same.Communications links 202 and 205 may be any communications linkssuitable for communicating between workstations 201 and server 204, suchas network links, dial-up links, wireless links, hard-wired links, etc.

The steps that follow in the Figures may be implemented by one or moreof the components in FIGS. 1 and 2 and/or other components, includingother computing devices.

Taking as an example the Ensighten Manage™ product, aspects of which aredescribed in Appendix A of U.S. Provisional Application Ser. No.61/428,560, a webpage author may include Ensighten's code (or othersimilar code 510A) (e.g., a single consistent line of Javascript code)at the top of the webpages 502 on their website servers 504. This codepermits the management of content/tags associated with the webpage. Forexample, the Ensighten Manage™ product may be used to collect analyticsdata about the movement of the webpage visitor's mouse over a particularobject (e.g., “mouse over”) and transmit this data to a remote server(e.g., Ensighten's database 506, the webpage owner's database 504, orother servers 508) for storage/analysis. Assuming the webpage owner isoperating the tag management software, they are directly managing whatdata is collected about their webpage visitors and where that data isdistributed. In such a scenario, a CPO might not need a PMS to monitorand regulate (e.g., block) the flow of analytic data about their websitevisitors.

However, some companies may outsource their web analytics to one or morethird party vendors 508A, 508B that specialize in web analytic, webadvertising, and other web-related services. Meanwhile, these thirdparty vendors may contract/work with one or more fourth party vendors508C to assist in collecting data, displaying/selecting advertisingimages, analyzing collected data, etc. In the examples illustrated inFIGS. 5A, 5B, and 5C, a fourth party vendor (e.g., “Ad Vendor X” 580C)may be executing code 510B on the companies' webpages 502 or collectinganalytics data from the webpages. This fourth party vendor may beunknown to the website owner. In such a scenario, a CPO might not havethe same control over the collection and flow of information about theirwebsite visitors as in the prior scenario. Moreover, if privacy concerns(e.g., through customer complaints, from privacy laws in differentjurisdictions, etc.) are raised, a CPO might not be able to efficientlyassess and regulate (e.g., in realtime) the outflow of analytic data.

Basic PMS for Offline Auditing of Static Webpages.

In one embodiment, the PMS may be used to audit a website. The PMS mayparse a webpage (e.g., HTML) and identify all elements (e.g., imagetags, Javascript tags, Flash™ tags, Applet™ tags, etc.) on the webpage.The PMS may identify the location (e.g., URL, domain, subdomain)corresponding to these elements. For example, the PMS, in such anexample, may identify the domain from which all images elements (e.g.,the “src” attribute of HTML image tag) are being sourced. A basic CPOdashboard (i.e., a graphical user interface that may be displayed on acomputer screen) may identify the various domain names and identify whattype of information is being passed to those domains. In anotherexample, the PMS used to audit the website may also check and analyzethe PMS methods for suspected attempts at modification and report them(e.g., through the CPO dashboard). In some embodiments, the checking andanalysis may also use a covertly deployed JavaScript monitoring programincluding aspects of features described in this disclosure. In yet otherembodiments, the PMS may perform direct (or hash) comparisons ofselected PMS methods' code to check for modifications. The checks and/oranalysis may occur at various different times, including during periodicspot checks and report the findings accordingly.

While this approach is sufficient for a basic static webpage where HTMLelements are built into the page, it may be inadequate when scripting(e.g., Javascript code) is dynamically updating the attribute values ofHTML elements on the webpage and/or adding new elements to the documentobject model (DOM) of the webpage. In addition, the PMS in this exampleperforms its audit offline (e.g., using web spiders/robots), and assuch, is incapable of providing realtime information about andcontrolling the flow of data from the webpage.

PMS for Realtime Monitoring and/or Control of Dynamic Webpages.

In yet another embodiment, the PMS may provide realtime informationabout and control of the flow of data (e.g., analytics data of awebpage) to and from a webpage 502 on a company's web servers 504.Scripting code (e.g., Javascript code) may be embedded in the webpage(e.g., at the top of the webpage) to permit the PMS to interact with theDOM and other aspects of the webpage. Such scripting code may beintegrated with existing tag management or web analytic solutions. Forexample, this scripting code may be included as part of Ensighten's code510A at the top of a webpage 502 as per the Ensighten Manage™ product.

Overriding Particular Methods.

When a webpage is loaded, the PMS's client-browser scripting code 510may execute on the website visitor's computing device 100 (e.g.,personal computer, laptop, smartphone, tablet, etc.) Ensuring that thisscripting code (e.g., Javascript) is executed before external vendors(e.g., third party, fourth party, etc.) code is executed, the PMS'sclient-browser scripting code 510A may override one or more Javascriptmethods available on the DOM of the webpage. As a result, as subsequentscripts and page elements 510 (e.g., HTML tags) are processed andrendered on the webpage, the PMS-overridden Javascript methods areexecuted instead of the standard Javascript methods. In particular, itmay be desirable to override those methods that may result in thecreation or adding of new elements to the DOM. For example, in thecurrent Javascript standard, some examples of such methods include, butare not limited to, the (1) appendChild, (2) insertBefore, (3)replaceChild, and (4) write methods.

Javascript AppendChild( ) Example

For example, with the appendChild( ) method, which adds a node after thelast child node of the inputted element node, the method may beoverridden with at least the following sample 4 lines of pseudo-code:

Line 0: Node.prototype._appendChild = Node.prototype.appendChild; Line1: Node.prototype.appendChild = function(a) { Line 2: //code formonitoring and regulating the appendChild method Line 3:this._appendChild(a); };

In Line 0, the “Node.prototype” language is used to refer to the baseclass that when modified, applies to all elements in the DOM. As such,“_appendChild” is used to store a reference to the original appendChild()method that is part of the Javascript standard. Then in Line 1, theoriginal appendChild( )method is overridden with the new, custom code inLine 2 and Line 3. Line 3 calls the original appendChild( ) function,but before that function is called, the PMS may insert code formonitoring and regulating the scripting occurring on the webpage. Inparticular, this code may inspect the “img” (image) element/object beingpassed into the appendChild( )method and examine it for informationabout what type of analytics data is being collected and where that datais to be sent. For example, if the “img” (image) element was an HTMLimage element (i.e., object), the value of the “src” attribute mayindicate a domain name (e.g., URL with full path and file name) andother information. The term “domain” or “domain name” is used herein torefer, as appropriate, to the full URL of a resource or an abbreviatedform of the URL.

Whitelist and Blacklist Feature.

In addition, in some embodiments, the custom code in Line 2 may includea comparison of the domain name to known friendly and/or hostiledomains. For example, the domain name may be compared against awhitelist 406 (i.e., friendly sites) and blacklist 408 (i.e., hostilesites). (See FIG. 6, ref 610). The comparing may be through a directcomparison, through a comparison involving regular expressions, or acombination of the two. The comparing may involve one or more or none ofa domain's host, path, file, query parameters, hash, or HTTP headerfield (e.g., a user agent field, a referrer field, and/or a cookiefield), or other parameter. The whitelist (and blacklist) may includeregular expressions with wildcards in combination with domain names,subdomain names, or the like. In addition, the blacklist (oralternatively, the whitelist) may include a default expression toindicate that all unrecognized domain names should be blocked. A CPOmay, through an online dashboard or the like (see FIG. 4B), maintainthose domains that should be included in the whitelist 406 and/orblacklist 408. In some examples, particular sites notorious forunauthorized tracking may be automatically added (or suggested foraddition) to the blacklist. For example, a database of vendors (e.g., adservers 508C, web analytics vendors, etc.) that are known to benon-compliant with privacy regulations (e.g., local regulations, foreignregulations, and/or DNT requirements) may be used by the privacymanagement system to populate the blacklist accordingly.

In those cases where the element attempting to be added to the DOM ofthe webpage is not authorized (i.e., the domain it is communicating withis on the blacklist, or it is not on the whitelist and the defaultsetting is to block unrecognized domains), the PMS may, in realtime,block the element from being added to the DOM. Accordingly, code may beincluded in Line 2 above to make the desired comparison and then reactaccordingly. For example, if the element is to be blocked, the value ofthe “src” attribute of the “img” (image) element/object may be clearedbefore the “_appendChild” method call in Line 3. (See FIG. 6, ref 616).Alternatively, the “_appendChild” method in Line 3 may be skippedcompletely. In yet another alternative, the element may be added, butmodified (e.g., using a default value) so as to render void its datacollection capabilities (e.g., by clearing the values of any collectedanalytics data to be saved in the element/object.) For example, clearingthe values of collected data may include modifying/clearing/removingname-value pairs appended to a URL. (See FIG. 6, ref. 618). One of skillin the art after review of the entirety disclosed herein will appreciatethat at least one benefit of one or more of the aforementioned examplesis that a PMS may perform realtime monitoring and blocking/allowing ofinformation (e.g., web analytics) transmission to particulardomains/URLs. Such realtime monitoring may allow for instantaneouscontrol/regulation of web analytics distribution without relying onafter-the-fact audit of offline webpages.

Additional Reporting Features of the PMS.

In addition to providing a CPO online dashboard 400, other reportingtechniques may also be used in conjunction with the PMS. For example, aSMS message (or other message type, e.g., SMTP e-mail message, voicemessage, instant messenger chat message, etc.) may be generated and sentto a CPO (or other person or computing system) in response to a domainon the blacklist attempting to collect and/or transmit analytics data ona company's website. In another embodiment, specific types of data maybe flagged such that when client-side external scripts attempt to callparticular methods associated with sensitive private user data, then arealtime (or delayed) alert may be generated. For example, if anexternal party's script attempts to call a method to read the uniquedevice identifier (UDID) of a smartphone device (or other uniqueidentifier of the browser or user), a message may be automaticallygenerated and sent to the CPO. In addition, a report 402 may begenerated and sent (e.g., by e-mail) to a CPO on a regular (e.g.,weekly, monthly, daily, etc.) basis identifying the domain names thatattempted to collect analytics data from the company's website and thetypes of analytic data.

Wrapper Techniques for Methods Prohibited from being Overridden.

Although the present Javascript standards permit some methods, such as“appendChild,” to be overridden, the language prohibits other methodsfrom being overridden. For example, the “src” attribute of the imageelement is set using a “setter” function that Javascript currently doesnot allow the PMS's client-browser scripting code to override. Anauthorized third party vendor 508A may include Javascript on thecompany's webpage that changes the “src” value to an unauthorized fourthparty's domain 508C, and a PMS that relied solely on overriding methodsand offline auditing may fail to catch the privacy policy breach.

In addition, in some instances, an analytics data transmission may bemasked as an image element that is not appended to the webpage's DOM.Instead, the image element may be for a one pixel by one pixeltransparent image by the analytics provider for the purposes ofcollecting data related to the webpage visitor. For example, the “src”attribute may be set to a URL with an appended string of parametername-value pairs (e.g.,www.hostname.com/theImage.gif?data=something&data2=someMoreData). Oncethe “src” attribute is set, the browser may attempt to locate andretrieve the image at the URL location. In doing so, the analytics datamay be obtained at the remote server as these name-value pairs.Consequently, overriding the method used to add that image element tothe webpage or inspecting the DOM may be inadequate for a PMS to monitorand control (e.g., allow or block) the outflow of analytics data.Although the image element has been described herein as an example ofone technique for collecting and transmitting information from acomputing device to a remote server, the disclosure contemplates thatother elements/objects may be used, and the techniques and/or systemsdescribed herein may be similarly applied to those others.

Therefore, in addition to overriding those desired methods that arecapable of being overridden, in some embodiments, the PMS may include anon-transitory computer-readable medium storing scripting code (e.g.,client-browser scripting code) to wrap the methods available for theHTML image element/object. One of ordinary skill in the art willappreciate after review of the entirety disclosed herein that othermethods/objects (e.g., elements) may be “wrapped” (i.e., referred to asoverridden in various examples in this disclosure) in this manner toovercome the prohibition (i.e., due to lack of functionality in thescripting language) on overriding some methods.

For example, a HTML image element is created in Javascript 510B using animage constructor. That constructor may be overridden. However, inaddition to overriding the constructor method, the PMS client-browserscripting code 510A includes a timer (or equivalent mechanism) thattriggers at regular intervals (e.g., 50 ms, etc.) to inspect the valuesof the attributes of the image element. (See FIG. 6, ref. 606). Inparticular, the value of the “src” attribute may be monitored todetermine if Javascript code (or other code) 510B has modified theattribute value. (See FIG. 6, ref. 608). In an alternate embodiment,assuming the underlying platform 100 running the scripting code providesthe functionality, the trigger may not be based on a repeating interval(or polling) model, but instead on a “push” model that automaticallytriggers upon detection of a change in an attribute value. (See FIG. 6,ref. 606). Such a model may be similar to how a hardware interruptrequests (IRQs) model operates, or to how event-based programming with atalker-listener model (e.g., push-interaction pattern) operates.

In the aforementioned example, the determination whether an attributevalue has been modified may be made by the PMS client-browser scriptingcode comparing the retrieved value of the attribute to a stored value ofthe attribute. (See FIG. 6, ref 608). The stored value may have beenobtained when the original image constructor was called. When it hasbeen determined that the value of an attribute has changed, the PMSclient-browser scripting code may inspect the updated value and otherrelated information to decide whether to allow the updated value. (SeeFIG. 6, ref 612). In one example, the PMS scripting code may keep theattribute value the same. In other examples, the PMS may compare the newvalue to a whitelist 406 and/or blacklist 408 to determine whether toallow the updated value. (See FIG. 6, ref 612). In yet another example,the “src” attribute value may be changed to a default value (e.g., a URLcorresponding to a neutral, transparent image) instead of the new value.(See FIG. 6, ref 616). Effectively, the PMS may conditionally keep theoriginal image reference synchronized with the new image object createdwith the “wrapper” technique that overrides the image constructor. (SeeFIG. 6, refs. 614 & 618).

In one example in accordance with the disclosure, Javascript code mayimplement aspects of the example provided with at least the followingsample lines of pseudo-code directed at the image element. One of skillin the art after review of the entirety disclosed herein will appreciatethat the disclosure is not limited to just the HTML image element, andmay be applied to other elements in the document object model (DOM) aswell as other objects outside of the DOM:

Line 0: (function(scope) { Line 1: var ImageRef = scope.Image;scope.Image = function(a,b) { Line 2: var THIS = this, image,eventHandlers = [‘Abort’,‘Error’,‘KeyDown’,‘KeyPress’,‘KeyUp’,‘load’],exclude = { children:”, childNodes:”, outerHTML:”}, excludeMethods ={naturalHeight:”, naturalWidth:”}; Line 3: image = new ImageRef(a,b);Line 4: // code here to make the object that the PMS's overriddenconstructor returns (i.e.., “THIS”) look exactly like the image objectthat the original implementation returns Line 5: // code here to createempty functions on the PMS's image object for all the event handlers(e.g., onLoad, etc.) listed in “eventHandlers” in Line 3 so that theseevent handler methods can be monitored and controlled Line 6:setInterval( function( ) { Line 7: for ( p in THIS ) { if ( (THIS[p] !==image[p]) && (THIS[p] !== undefined) && !(p in excludeMethods)) { try {if ( p === ‘src’ ) { Line 8: //code for monitoring and regulating theimage element's src attribute Line 9: } image[p] = THIS[p]; THIS[p] =image[p]; ...

Referring to Line 0 in this example, a new function has been createdthat passes Javascript's global scope (i.e., “window”) into thefunction. In Line 1, the original image constructor function is storedinto the variable “ImageRef,” then the constructor function for theimage element is overridden. (See FIG. 6, ref. 602). The “a” and “b”input parameters may optionally provide the width and height,respectively, of the image. In Line 2, the private “THIS” variableindicates which eventHandlers should be monitored and which methods onthe image element/object may be excluded.

Referring to Line 3 of the sample code in this example, although theImageRef( ) method is called with two input parameters, conditional code(e.g., if-else statements) may be included to optionally call theImageRef( )method with either one input parameter or no inputparameters. Such conditional code may be useful to, among other things,when less than the two optional input parameters are desired. In Line 4,a “for” loop may be used to copy all of the properties of the originalimage element/object to the object created by the wrapper. (See FIG. 6,ref 604). In Line 5, the eventhandlers are setup in the wrapper formonitoring. In Line 6, a function is defined that will be repeatedlyexecuted at a regular interval. (See FIG. 6, ref 606). In this case, thepseudo-code omits the end bracket (“{”) for the setInterval( ) and thatthe call accepts the quantity of time (e.g., 50 ms) for each interval.

In Line 7, the code inspects those attributes of the image that are ofinterest to the PMS. (See FIG. 6, ref. 608). In particular, in line 8,if the attribute being analyzed is the “src” attribute of the imageobject, then the PMS may react according to privacy rules. For example,as explained above with respect to Line 2 of the appendChild( )pseudo-code example, the value of the “src” attribute may be checked(e.g., compared) against a whitelist and/or blacklist, as well as otherpossible actions/rules. (See FIG. 6, ref 608). If the PMS determinesthat no privacy violation would occur, then the actual synchronizationof the predefined object (e.g., image object 514) and the correspondingoverridden object (e.g., wrapper image object 512) occurs in Line 9.(See FIG. 6, refs. 612 & 614).

One of ordinary skill in the art after review of the entirety disclosedherein will appreciate that the lines of pseudo-code presented above aremerely a paraphrasing of the code and/or functionality achieved by thecode. One or more lines of code may have been omitted in presenting thesimplified example above.

Identifying the Third Party Culprit Behind the Fourth Party Access.

Referring to the example above with respect to monitoring the imageelement, Line 2 may also include a call to a logStack( ) function (orcomparable function) to determine what specific Javascript codeattempted to create an image element/object or update the “src”attribute of an image element. Such information may allow a CPO toidentify which third party script is responsible for the data beingsent, in addition to identifying what the data being sent out is. Insome embodiments, the logStack( ) function operates by creating an“Error” type object and stripping data from it. The “Error” object maycontain a stack trace that includes information about where the call tocreate or modify an image element/object originated from. While thisfunction may be used in some embodiments in accordance with thedisclosure, it may be omitted in some embodiments where browser-specificlimitations may prevent proper access to the “Error” object. The PMSmay, in some examples, identify the vendor responsible for the privacypolicy violation on the CPO dashboard, in addition to displaying otherinformation. This disclosure also contemplates a stack trace (orcomparable log) being captured in other ways. For example, the“arguments.caller” properties or “Function.caller” properties within alogStack method (or comparable function) may be examined in lieu of, orin addition to, examining an Error object as described above.

Chief Privacy Officer's Dashboard.

FIGS. 4A and 4B illustrate a graphical user interface 400 for a CPOdashboard. Aspects of the dashboard 404 allows the creation of privacyrules for authorizing or blocking direct access to the analytics datacollected from a webpage. For example, the CPO dashboard may allow a CPO(or other user) to create privacy rules that cause a PMS to blockparticular types of collected visitor data from being sent to vendorsbased on the location of the visitor, whether the user terminal is amobile or stationary terminal, or other parameter. For example, foreign(e.g., Germany) privacy regulations may require that no (or none of aparticular type of) visitor data be sent to vendors. The CPO dashboardmay configure 410 the PMS to detect the location of a website visitor(e.g., by reverse geocoding the visitor's IP address to identify thevisitor's location) and to subsequently block any attempts to transmitdata collected about the user to particular vendors (e.g., third partyvendors, fourth party vendors, etc.) One of skill in the art willappreciate after review of the entirety disclosed herein that numerousother information and features may be displayed/available on the CPOdashboard. For example, the CPO dashboard 402 may display the attributename and value of the name-value parameters of image “src” attributes.This may assist CPOs in determining what types of data are beingcollected and sent about visitors of their webpages. At least onetechnical advantage of the prior example is that a single PMS, inaccordance with various aspects of the disclosure, may be used for allworldwide visitors and adjust based on various parameters, such as thelocation of the website visitor and the privacy regulations specific tothat location. Moreover, the PMS may be adjusted based other parametersand features apparent to one of skill in the art after review of theentirety disclosed herein, including any materials (e.g., an informationdisclosure statement) submitted concurrent with the filing of thisdisclosure.

CPO Dashboard's ON/OFF Monitoring Switch.

In addition, in some embodiments in accordance with the disclosure, theCPO dashboard may include an input means (e.g., graphical ON/OFF switch)to allow the CPO to toggle (e.g., turn off, turn on, turn partially on)the state of the PMS functionality if website performance is desired atthe expense of realtime online privacy management. In response to theinput means, a variable (e.g., a Boolean-type variable) in theJavascript code may be updated to activate or deactivate the PMS code.As such, when the switch is in the OFF position, the webpages may berendered without interaction/analysis by the PMS Javascript code. Thestate of the input means (e.g., OFF, ON, partially ON, etc.) may be sentto a remote sever for storage and easy retrieval at a later time.

PMS-Certified Verification.

FIG. 3 illustrates a web browser displaying a webpage (omitted) that ishas received certification from a PMS that the webpage/website complieswith privacy policies. For example, icon 304 illustrates an icon thatmay appear on a webpage 502 to indicate to visitors to the webpage thatthe webpage has been verified (e.g., PMS-certified verification) and isbeing monitored using a PMS, which in some embodiments may be inaccordance with various aspects of the disclosure. The graphical icon304 may be selectable and upon its selection may display a dialog box302. The dialog box 302 may permit a visitor to further customizehis/her privacy settings/preferences. For example, the user can opt outof tracking and targeted ads completed (e.g., a user, upon verificationof age, may be opted out of particular types (or even all) trackingpursuant to child privacy laws because the user is a child under aparticular age.) Upon selection of a setting, the user's preferences maybe transmitted to a remote server (e.g., Ensighten's application server506) to be saved and associated with the user. The association may becreated using browser-side cookies. For example, a browser-side cookiemay be saved on the visitor's device 100 with information that permitsthe PMS to automatically detect the user's preference on future visits.

Companies may sign up with a PMS for monitoring and control of theiranalytics data collection and distribution. As a result, the icon 304may be displayed on the company's webpages 502. Moreover, through thePMS client-browser scripting code (e.g., Javascript code) the PMS maydetect and read cookies Internet-wide. For example, when visitingdifferent websites, the PMS may be able to use the cookie-based approachto automatically implement the user's preference on all sites (e.g.,once a user is verified as being under a particular age, the user'scookie settings may assist in automatically opted the user out oftracking and other activities on other websites.) One skilled in the artwill appreciate after review of the entirety disclosed herein thatnumerous derivations of the base concept disclosed are contemplated. Forexample, the icon 304 may be displayed in different colors to indicatedifferent levels of privacy management. The icon may be displayedprimarily in red to indicate that the website operates under a privacysetting outside the threshold of comfort previously designated by theuser. Meanwhile, the icon may be displayed primarily in green toindicate that privacy controls are commensurate with the user'spreferences. In addition, a dashboard similar to the CPO dashboard maybe made available to the user through selection of the icon 304. Assuch, the user may be able to identify and understand what aspects oftheir online experience are being monitored and where that informationis being sent.

Additional Features.

The PMS contemplated by this disclosure includes code in the Javascriptlanguage, but one of ordinary skill in the art after review of theentirety disclosed herein will appreciate that code written in otherprogramming languages may be used in addition to or in lieu ofJavascript. Numerous detailed examples in the disclosure have usedJavascript merely as an example of a scripting language that allowsdynamic update of the elements on a webpage and function overridingcapabilities. The disclosure contemplates that Javascript may be one daydeprecated in favor of another client-side (and server-side) scriptinglanguages, and the disclosed PMS is not so limited. One of ordinaryskill in the art will appreciate that Javascript may be substituted withother programming languages and technologies (e.g., DHTML 5.0 andcanvas/video elements). In one example, Adobe Flash™ (formerlyMacromedia Flash) objects embedded in a webpage may be dynamicallymanipulated using ActionScript™, a language similar to Javascript inthat it also is based on the ECMAScript standard. This disclosurecontemplates embodiments where Flash objects may be monitored usingtechniques that would be apparent to one of skill in the art afterreview of the entirety disclosed herein. For example, image resources,picture objects, and button objects may have methods overridden orinherited to provide for similar functionality as described herein.Similarly, other non-Javascript technologies, such as Silverlight™ mayalso be used in accordance with various aspects of the disclosure.

In addition, various aspects of the examples illustrated herein takeadvantage of the current version of Javascript and the capabilities itprovides. For example, the Javascript specification currently does notpermit overriding of the “setter” method of the “src” attribute of theHTML image element. If future versions of Javascript provide the abilityto override the aforementioned method, one of skill in the art willappreciate after review of the entirety disclosed herein thatappropriate adjustment to disclosed PMS features is contemplated by thedisclosure. For example, the polling that is currently disclosed formonitoring the attributes of the image element/object may be replaced byan overriding method. Alternatively, if a value change notificationfeature becomes available in Javascript for the particular element, thisdisclosure contemplates that this feature may be used in lieu of (or inconjunction with) the polling technique currently described in oneembodiment.

Furthermore, current web analytics technologies use image elements totransmit collected data from a user's device to a remote server.However, this disclosure contemplates other techniques for transferringcollected data (e.g., analytics data) to a remote server. For example,Websockets™ may be used to create an open direct TCP/IP connection to aremote server to transmit analytics data. One skilled in the art willappreciate after review of the entirety disclosed herein that the PMSmay override the method responsible for creation (e.g., adding,modifying, updating, and/or regulating) of Websockets and apply theprinciples disclosed herein accordingly.

Aspects of the disclosure are described herein in terms of illustrativeembodiments thereof. Numerous other embodiments, modifications andvariations within the scope and spirit of the recited disclosure willoccur to persons of ordinary skill in the art from a review of thisdisclosure. For example, one of ordinary skill in the art willappreciate that the steps illustrated in the illustrative figures anddescribed herein may be performed in other than the recited order, andthat one or more illustrative steps may be optional in accordance withaspects of the invention.

I/We claim:
 1. A non-transitory computer-readable medium storingcomputer-executable instructions that, when executed by a processor of aremote computing device, cause the remote computing device to: generatea graphical user interface configured to permit a user to blocktransmission of analytics data from a page; access an object model ofthe page, wherein the object model includes a predefined object that isconfigured to store at least a uniform resource locator and to collectthe analytics data; create a wrapper object instead of the predefinedobject in response to a request to create the predefined object; monitorthe wrapper object to detect when updates to the object model modify theuniform resource locator stored in the predefined object; compare themodified uniform resource locator to a predetermined list of values; andblock transmission of the analytics data to a server associated with themodified uniform resource locator, based on the comparing.
 2. Thenon-transitory computer-readable medium of claim 1, wherein thecomputer-executable instructions further cause the remote computingdevice to: present an icon on the page.
 3. The non-transitorycomputer-readable medium of claim 2, wherein the icon indicates that thepage has been verified.
 4. The non-transitory computer-readable mediumof claim 2, wherein the icon indicates that the monitoring is beingperformed.
 5. The non-transitory computer-readable medium of claim 2,wherein the computer-executable instructions further cause the remotecomputing device to: present the graphical user interface over the pagewhen the icon is selected.
 6. The non-transitory computer-readablemedium of claim 1, wherein the computer-executable instructions furthercause the remote computing device to: receive a certification from aprivacy management system; and present an icon on the page in responseto the received certification.
 7. The non-transitory computer-readablemedium of claim 6, wherein the certification indicates that the pagecomplies with privacy rules.
 8. The non-transitory computer-readablemedium of claim 6, wherein the page is a webpage of a website, and thecertification indicates that the website complies with privacy rules. 9.The non-transitory computer-readable medium of claim 1, wherein thegraphical user interface is configured to permit a user to customizeprivacy settings.
 10. The non-transitory computer-readable medium ofclaim 1, wherein the graphical user interface is configured to receive asetting, and wherein the computer-executable instructions further causethe remote computing device to transmit the setting to a privacymanagement server for storage.
 11. The non-transitory computer-readablemedium of claim 10, wherein the setting indicates a user's age, andwherein the computer-executable instructions further cause the remotecomputing device to: receive, from the privacy management server,information indicating whether the user's age complies with privacyrules, and block transmission of the analytics data to the serverassociated with the modified uniform resource locator, based on theinformation received from the privacy management server.
 12. Thenon-transitory computer-readable medium of claim 1, wherein thegraphical user interface is configured to receive a setting, and whereinthe computer-executable instructions further cause the remote computingdevice to store a cookie that permits a privacy management system todetect the setting upon subsequent visits to the page.
 13. Thenon-transitory computer-readable medium of claim 1, wherein thegraphical user interface is configured to receive a setting, and whereinthe computer-executable instructions further cause the remote computingdevice to: transmit the setting to a privacy management server forstorage; detect a cookie when accessing a web page; read the cookie;receive, from the privacy management server, information indicatingwhether the web page complies with the setting; and block transmissionof the analytics data to the server associated with the modified uniformresource locator, based on the information received from the privacymanagement server.
 14. The non-transitory computer-readable medium ofclaim 1, wherein the graphical user interface is configured to permitupdates to the predetermined list of values, and wherein thecomputer-executable instructions further cause the remote computingdevice to transmit the updated predetermined list of values to a privacymanagement server.
 15. A computerized apparatus, comprising: a processorconfigured to transmit scripting code over a network to a remotecomputing device; and memory storing the scripting code that, whenexecuted by the remote computing device, causes the remote computingdevice to: generate a graphical user interface configured to permit auser to create one or more privacy rules for a page; access an objectmodel of the page, the object model comprising a predefined object;create a wrapper object instead of the predefined object in response toa request to create the predefined object; monitor the wrapper object todetect when updates to the object model modify a uniform resourcelocator stored in the predefined object; and block transmission ofanalytics data to a server associated with the modified uniform resourcelocator, based on the one or more privacy rules.
 16. The computerizedapparatus of claim 15, wherein the scripting code causes the remotecomputing device to block transmission of the analytics data when theremote computing device is located in a first location, but permittransmission of the analytics data when the remote computing device islocated in a second location, wherein the one or more privacy rulesinclude privacy rules created in accordance with foreign privacyregulations.
 17. The computerized apparatus of claim 15, wherein thescripting code causes the remote computing device to block transmissionof the analytics data based on whether the remote computing device is amobile or stationary device.
 18. A non-transitory computer-readablemedium storing computer-executable instructions that, when executed by aprocessor of a remote computing device, cause the remote computingdevice to: access an object model of a page, wherein the object modelincludes a predefined object that is configured to store at least auniform resource locator; create a wrapper object instead of thepredefined object in response to a request to create the predefinedobject; monitor the wrapper object to detect when updates to the objectmodel modify the uniform resource locator stored in the predefinedobject; block transmission of analytics data to a server associated withthe modified uniform resource locator, based on one or more privacyrules; and present an icon on the page indicating whether the pagecomplies with the one or more privacy rules.
 19. The non-transitorycomputer-readable medium of claim 18, wherein the computer-executableinstructions further cause the remote computing device to determinewhether the page complies with the one or more privacy rules.
 20. Thenon-transitory computer-readable medium of claim 18, wherein thecomputer-executable instructions further cause the remote computingdevice to: select the icon from among a plurality of icons based on aprivacy level associated with the page.
 21. The non-transitorycomputer-readable medium of claim 20, wherein the plurality of iconscomprise an image having different colors.
 22. A computerized apparatus,comprising: a processor configured to transmit scripting code over anetwork to a remote computing device; and memory storing one or moreprivacy settings and storing the scripting code that, when executed bythe remote computing device, causes the remote computing device to:generate a graphical user interface configured to enter the one or moreprivacy settings; transmit the one or more privacy settings to thecomputerized apparatus for storage; detect a cookie when accessing a webpage; receive, from the computerized apparatus in response to detectingthe cookie, information indicating whether the web page complies withthe one or more privacy settings; and block transmission of analyticsdata to a third party server based on the information received from thecomputerized apparatus.
 23. The computerized apparatus of claim 22,wherein the one or more privacy settings comprise a user's age.